[Webkit-unassigned] [Bug 130793] New: ASSERTION FAILED: m_status.eor != U_OTHER_NEUTRAL || m_eor.atEnd() in WebCore::BidiResolver::checkDirectionInLowerRaiseEmbeddingLevel
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Mar 26 13:09:16 PDT 2014
https://bugs.webkit.org/show_bug.cgi?id=130793
Summary: ASSERTION FAILED: m_status.eor != U_OTHER_NEUTRAL ||
m_eor.atEnd() in
WebCore::BidiResolver::checkDirectionInLowerRaiseEmbed
dingLevel
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: rhodovan.u-szeged at partner.samsung.com
CC: darin at apple.com, ap at webkit.org
Blocks: 116980
Created an attachment (id=227878)
--> (https://bugs.webkit.org/attachment.cgi?id=227878&action=review)
Test case
The failing test case:
<meta charset="iso-8859-8-e">
<bdo>
<embed></embed>
</bdo>
<kbd dir="auto">
The backtrace:
ASSERTION FAILED: m_status.eor != U_OTHER_NEUTRAL || m_eor.atEnd()
/home/reni2/data/REPOS/webkit_sec/Source/WebCore/platform/text/BidiResolver.h(354) : void WebCore::BidiResolver<Iterator, Run>::checkDirectionInLowerRaiseEmbeddingLevel() [with Iterator = WebCore::InlineIterator; Run = WebCore::BidiRun]
1 0x7ffff5ed9db5 WTFCrash
2 0x7ffff17c8591 WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::checkDirectionInLowerRaiseEmbeddingLevel()
3 0x7ffff17c364c WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::lowerExplicitEmbeddingLevel(UCharDirection)
4 0x7ffff17c0674 WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::commitExplicitEmbedding()
5 0x7ffff17bacf3
6 0x7ffff17bab77
7 0x7ffff17baa41
8 0x7ffff17be457 WebCore::InlineIterator::increment(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>*)
9 0x7ffff17f8a29 WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::increment()
10 0x7ffff17fb3d3 WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::createBidiRunsForLine(WebCore::InlineIterator const&, WebCore::VisualDirectionOverride, bool)
11 0x7ffff17efc6a
12 0x7ffff17f0045
13 0x7ffff17f22e7 WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int)
14 0x7ffff17f0978 WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool)
15 0x7ffff17f40f8 WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
16 0x7ffff17d71be WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
17 0x7ffff17d6531 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
18 0x7ffff17a67ff WebCore::RenderBlock::layout()
19 0x7ffff17d7588 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
20 0x7ffff17d70ca WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
21 0x7ffff17d6555 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
22 0x7ffff17a67ff WebCore::RenderBlock::layout()
23 0x7ffff17d7588 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
24 0x7ffff17d70ca WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
25 0x7ffff17d6555 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
26 0x7ffff17a67ff WebCore::RenderBlock::layout()
27 0x7ffff1971b21 WebCore::RenderView::layoutContent(WebCore::LayoutState const&)
28 0x7ffff197225a WebCore::RenderView::layout()
29 0x7ffff14ff5c5 WebCore::FrameView::layout(bool)
30 0x7ffff0f526d5 WebCore::Document::implicitClose()
31 0x7ffff13d383b WebCore::FrameLoader::checkCallImplicitClose()
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5ed9dba in WTFCrash () at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
333 *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0 0x00007ffff5ed9dba in WTFCrash () at /home/reni2/data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
#1 0x00007ffff17c8591 in WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::checkDirectionInLowerRaiseEmbeddingLevel (this=0x7fffffffafb0)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/platform/text/BidiResolver.h:354
#2 0x00007ffff17c364c in WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::lowerExplicitEmbeddingLevel (this=0x7fffffffafb0,
from=U_LEFT_TO_RIGHT) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/platform/text/BidiResolver.h:370
#3 0x00007ffff17c0674 in WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::commitExplicitEmbedding (this=0x7fffffffafb0)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/platform/text/BidiResolver.h:473
#4 0x00007ffff17bacf3 in WebCore::notifyObserverEnteredObject<WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun> > (observer=0x7fffffffafb0,
object=0x8cf0b0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/InlineIterator.h:139
#5 0x00007ffff17bab77 in WebCore::bidiNextShared<WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun> > (root=..., current=0x933ae0,
observer=0x7fffffffafb0, emptyInlineBehavior=WebCore::SkipEmptyInlines, endOfInlinePtr=0x0)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/InlineIterator.h:229
#6 0x00007ffff17baa41 in WebCore::bidiNextSkippingEmptyInlines<WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun> > (root=...,
current=0x933ae0, observer=0x7fffffffafb0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/InlineIterator.h:261
#7 0x00007ffff17be457 in WebCore::InlineIterator::increment (this=0x7fffffffafb0, resolver=0x7fffffffafb0)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/InlineIterator.h:365
#8 0x00007ffff17f8a29 in WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::increment (this=0x7fffffffafb0)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/InlineIterator.h:408
#9 0x00007ffff17fb3d3 in WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::createBidiRunsForLine (this=0x7fffffffafb0, end=...,
override=WebCore::VisualLeftToRightOverride, hardLineBreak=false) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/platform/text/BidiResolver.h:571
#10 0x00007ffff17efc6a in WebCore::constructBidiRunsForSegment (topResolver=..., bidiRuns=..., endOfRuns=..., override=WebCore::VisualLeftToRightOverride,
previousLineBrokeCleanly=false) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:895
#11 0x00007ffff17f0045 in WebCore::constructBidiRunsForLine (block=0x884b20, topResolver=..., bidiRuns=..., endOfLine=...,
override=WebCore::VisualLeftToRightOverride, previousLineBrokeCleanly=false)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:958
#12 0x00007ffff17f22e7 in WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange (this=0x884b20, layoutState=..., resolver=..., cleanLineStart=...,
cleanLineBidiStatus=..., consecutiveHyphenatedLines=0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1375
#13 0x00007ffff17f0978 in WebCore::RenderBlockFlow::layoutRunsAndFloats (this=0x884b20, layoutState=..., hasInlineChild=true)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1100
#14 0x00007ffff17f40f8 in WebCore::RenderBlockFlow::layoutLineBoxes (this=0x884b20, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1696
#15 0x00007ffff17d71be in WebCore::RenderBlockFlow::layoutInlineChildren (this=0x884b20, relayoutChildren=true, repaintLogicalTop=...,
repaintLogicalBottom=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:568
#16 0x00007ffff17d6531 in WebCore::RenderBlockFlow::layoutBlock (this=0x884b20, relayoutChildren=true, pageLogicalHeight=...)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:394
#17 0x00007ffff17a67ff in WebCore::RenderBlock::layout (this=0x884b20) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1286
#18 0x00007ffff17d7588 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x884a50, child=..., marginInfo=..., previousFloatLogicalBottom=...,
maxFloatLogicalBottom=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:629
#19 0x00007ffff17d70ca in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x884a50, relayoutChildren=true, maxFloatLogicalBottom=...)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:548
#20 0x00007ffff17d6555 in WebCore::RenderBlockFlow::layoutBlock (this=0x884a50, relayoutChildren=true, pageLogicalHeight=...)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:396
#21 0x00007ffff17a67ff in WebCore::RenderBlock::layout (this=0x884a50) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1286
#22 0x00007ffff17d7588 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x7a3ac0, child=..., marginInfo=..., previousFloatLogicalBottom=...,
maxFloatLogicalBottom=...) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:629
#23 0x00007ffff17d70ca in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x7a3ac0, relayoutChildren=true, maxFloatLogicalBottom=...)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:548
#24 0x00007ffff17d6555 in WebCore::RenderBlockFlow::layoutBlock (this=0x7a3ac0, relayoutChildren=true, pageLogicalHeight=...)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlockFlow.cpp:396
#25 0x00007ffff17a67ff in WebCore::RenderBlock::layout (this=0x7a3ac0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:1286
#26 0x00007ffff1971b21 in WebCore::RenderView::layoutContent (this=0x7a3ac0, state=...)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:152
#27 0x00007ffff197225a in WebCore::RenderView::layout (this=0x7a3ac0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:281
---Type <return> to continue, or q <return> to quit---
#28 0x00007ffff14ff5c5 in WebCore::FrameView::layout (this=0x949710, allowSubtree=true)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/page/FrameView.cpp:1261
#29 0x00007ffff0f526d5 in WebCore::Document::implicitClose (this=0x752fa0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:2456
#30 0x00007ffff13d383b in WebCore::FrameLoader::checkCallImplicitClose (this=0x9e6208)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:884
#31 0x00007ffff13d35d6 in WebCore::FrameLoader::checkCompleted (this=0x9e6208) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:830
#32 0x00007ffff13d3344 in WebCore::FrameLoader::finishedParsing (this=0x9e6208) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:754
#33 0x00007ffff0f59d5f in WebCore::Document::finishedParsing (this=0x752fa0) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4457
#34 0x00007ffff125b737 in WebCore::HTMLConstructionSite::finishedParsing (this=0x8801b8)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:393
#35 0x00007ffff1294271 in WebCore::HTMLTreeBuilder::finished (this=0x8801a0)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2988
#36 0x00007ffff12631d4 in WebCore::HTMLDocumentParser::end (this=0x9a48d0)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:439
#37 0x00007ffff12632bf in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x9a48d0)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:450
#38 0x00007ffff1261f09 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x9a48d0)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:165
#39 0x00007ffff1263302 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x9a48d0)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:462
#40 0x00007ffff12633b9 in WebCore::HTMLDocumentParser::finish (this=0x9a48d0)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:490
#41 0x00007ffff13c55e5 in WebCore::DocumentWriter::end (this=0x903980) at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:248
#42 0x00007ffff13aff8b in WebCore::DocumentLoader::finishedLoading (this=0x9038e0, finishTime=0)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:440
#43 0x00007ffff13afcf4 in WebCore::DocumentLoader::notifyFinished (this=0x9038e0, resource=0x9d0a60)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:374
#44 0x00007ffff1458bfc in WebCore::CachedResource::checkNotify (this=0x9d0a60)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:332
#45 0x00007ffff1458cda in WebCore::CachedResource::finishLoading (this=0x9d0a60)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:348
#46 0x00007ffff14556ae in WebCore::CachedRawResource::finishLoading (this=0x9d0a60, data=0x92e0f0)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:96
#47 0x00007ffff141095e in WebCore::SubresourceLoader::didFinishLoading (this=0x9ce380, finishTime=0)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:310
#48 0x00007ffff140cc19 in WebCore::ResourceLoader::didFinishLoading (this=0x9ce380, finishTime=0)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:508
#49 0x00007ffff1cf6715 in WebCore::readCallback (asyncResult=0x8a41e0, data=0x9ce7a0)
at /home/reni2/data/REPOS/webkit_sec/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1324
#50 0x00007fffe8ee102a in async_ready_callback_wrapper (source_object=0x971cc0, res=0x8a41e0, user_data=0x9ce7a0) at ginputstream.c:530
#51 0x00007fffe8f005bb in g_task_return_now (task=0x8a41e0) at gtask.c:1105
#52 0x00007fffe8f005d9 in complete_in_idle_cb (task=0x8a41e0) at gtask.c:1114
#53 0x00007fffed28af46 in g_main_dispatch (context=0x8a3970) at gmain.c:3054
#54 g_main_context_dispatch (context=context at entry=0x8a3970) at gmain.c:3630
#55 0x00007ffff78dc6e8 in _ecore_glib_select__locked (ecore_timeout=<optimized out>, efds=<optimized out>, wfds=0x7fffffffc6d0, rfds=0x7fffffffc650,
ecore_fds=11, ctx=<optimized out>) at ecore_glib.c:171
#56 _ecore_glib_select (ecore_fds=11, rfds=0x7fffffffc650, wfds=0x7fffffffc6d0, efds=<optimized out>, ecore_timeout=<optimized out>) at ecore_glib.c:205
#57 0x00007ffff78d6b37 in _ecore_main_select (timeout=timeout at entry=0) at ecore_main.c:1466
#58 0x00007ffff78d762c in _ecore_main_loop_iterate_internal (once_only=once_only at entry=0) at ecore_main.c:1860
#59 0x00007ffff78d79c7 in ecore_main_loop_begin () at ecore_main.c:956
#60 0x0000000000406866 in main (argc=2, argv=0x7fffffffdb68) at /home/reni2/data/REPOS/webkit_sec/Tools/EWebLauncher/main.c:1002
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list